New malware dubbed ‘WogRAT’ targets both Windows and Linux in attacks that abuse an online notepad platform named ‘aNotepad’ as a covert channel for storing and retrieving malicious code. aNotepad isn’t blocklisted or treated as suspicious by security tools, which helps make the infection chain stealthier. When the malware is first executed on the victim’s machine, it is unlikely to be flagged by AV tools, as it does not feature any malicious functionality.
WogRAT for Linux, which is distributed in ELF format, shares many similarities with the Windows version. In contrast to the Windows version, however, it uses Tiny SHell for routing operations and applies additional encryption to its communication with the C2. Tiny SHell is a Linux backdoor that allows multiple threat actors to execute commands and exchange data on Linux systems.
The malware has been active since late 2022, targeting Japan, Singapore, China, Hong Kong, and other Asian countries. Organizations should be aware of this malware for their own protection.
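Because the notepad service is not blocklisted, one way to surface this channel is to pair each request to it with the process that made it. The sketch below is an added example, not part of the original article or any vendor tooling; the domain `anotepad.com`, the browser allowlist, the four-field log format and every sample line are assumptions constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

# Assumption: the notepad service is reached at this domain and its subdomains.
WATCHED_DOMAINS = {"anotepad.com"}
# Assumption: the only programs expected to browse the web on these hosts.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "chrome", "firefox"}

# Constructed sample telemetry: timestamp, host, process image path, URL.
SAMPLE_LOG = "\n".join([
    r"2024-03-05T09:12:01Z,ws-014,C:\Program Files\Google\Chrome\Application\chrome.exe,https://anotepad.com/notes/sample1",
    r"2024-03-05T09:14:37Z,ws-022,C:\Users\u1\Downloads\tool.exe,https://anotepad.com/notes/sample2",
    r"2024-03-05T09:20:10Z,lnx-03,/tmp/.cache/upd,https://www.anotepad.com/notes/sample3",
    r"2024-03-05T09:21:44Z,ws-014,C:\Program Files\Mozilla Firefox\firefox.exe,https://notanotepad.com.example/notes/x",
    r"2024-03-05T09:25:02Z,ws-022,C:\Users\u1\Downloads\tool.exe,https://example.org/?ref=anotepad.com",
])

def base_name(image):
    """File name of a process image, for Windows and POSIX style paths."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def is_watched(hostname):
    """True only for the watched domain itself or one of its subdomains."""
    hostname = (hostname or "").lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d)
               for d in WATCHED_DOMAINS)

def find_suspicious(log_text):
    """Return rows where a non-browser process contacted a watched domain."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:  # skip blank or malformed lines
            continue
        ts, host, image, url = row
        # Match on the parsed hostname, not a substring of the whole URL.
        if is_watched(urlsplit(url).hostname) and base_name(image) not in BROWSERS:
            hits.append((ts, host, image, url))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("review:", *hit)
```

A hit is a lead for triage rather than a verdict, since process names can be spoofed and legitimate scripts may use the service.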
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.